Privacy Policy — Շշուկներ (Shshukner)
Last updated: 2026-04-18 Effective date: 2026-04-18
1. Who we are
Շշուկներ ("Shshukner", "Whispers", "the App", "we", "us") is an anonymous, location-based social app.
Contact: - Email: turn.on.everywhere@gmail.com - Telegram: @Whisperssupport
2. Summary
- Registration requires only a username and password. No email, phone number, or real name is collected.
- No third-party analytics, advertising SDKs, or social-media SDKs are embedded in the App.
- No data is sold, rented, or shared with advertisers, data brokers, or marketing companies.
- Location is stored at approximate granularity only (coordinates rounded to ~1 km on the server before write).
- A hashed device fingerprint is used to enforce one-account-per-device (anti-spam).
3. What we collect
3.1 Account information
| Data | Source | Why |
|---|---|---|
| Username (3+ characters) | You | To identify your posts to others |
| Password (hashed with bcrypt, cost 12) | You | To authenticate logins; we cannot read your password |
| Account creation timestamp | Auto | For badges and statistics |
3.2 Content you create
| Data | Why |
|---|---|
| Posts, comments, polls, listings, group descriptions | To display them to other users in your area |
| Reactions and votes | To compute trending content |
| Images (if you upload any) | To display them with your posts |
| Chat requests and direct messages | To enable you to communicate with users you connect with |
3.3 Location
| Data | Why |
|---|---|
| Latitude/longitude rounded to ~1 km | To show you content from your area and to attach approximate location to your posts |
We do not store your precise GPS coordinates. The rounding happens on our servers before any data is written to the database.
3.4 Device & technical data
| Data | Source | Why |
|---|---|---|
| IP address | Auto (connection metadata) | Rate limiting, abuse prevention. Not stored long-term. |
| HTTP request logs | Auto | Operations and debugging. Retained for 30 days. |
| Push-notification token (FCM) | You opt in | Deliver notifications for replies, chat requests, nearby activity. Sent to Google Firebase Cloud Messaging for delivery only. |
| Hashed device fingerprint | Auto | Enforce one-account-per-device (anti-spam). Not linked to real identity. |
3.5 Your safety controls
| Data | Why |
|---|---|
| Blocklist (users you have blocked) | To hide content from users you block across the feed, comments, polls, listings, and messaging |
3.6 What we do NOT collect
- Your real name, address, phone number, or email
- Your contact list, calendar, photos library (beyond images you explicitly upload), or microphone
- Your browsing history outside the app
- Advertising identifiers (we use none)
- Biometric data
- Behavioral profiles for advertising
4. How we use your data
- To operate the app — show you nearby posts, deliver messages to recipients, etc.
- To moderate — when posts are reported, we review them. We may hide or remove content that violates our Terms.
- To prevent abuse — rate limiting, banning accounts that send spam or harass others.
- To improve the app — aggregate, anonymized statistics (e.g. "How many posts were created in the last month?") may inform feature development.
We do not use your data for advertising, profiling, or any third-party commercial purpose.
5. Who your data is shared with
| Recipient | Why | What they see |
|---|---|---|
| Other users of the app | The whole point of a social app | Your username, your posts/comments, your approximate location (~1 km granularity), badges, level, profile statistics. Users you have blocked do not see your content or receive messages from you. |
| MongoDB Atlas (Cloud database, EU region) | We store data here | Encrypted at rest |
| Cloudflare R2 (image storage) | We store uploaded images here | The images you upload |
| DigitalOcean (hosting, Frankfurt) | We run our API here | Server logs, including IP addresses |
| Google Firebase Cloud Messaging (push notifications) | Deliver notifications to your device | Only your push token and the notification payload (short text, no private data) |
We do not share your data with: - Advertisers - Data brokers - Marketing companies - Government agencies, except in response to a valid legal order or to prevent imminent harm
6. How long we keep your data
| Data | Retention |
|---|---|
| Account (username, password hash) | Until you delete your account |
| Posts, comments, polls, listings | Until you delete them or your account |
| Listings | Auto-deleted 30 days after creation (TTL) |
| Pending chat requests | Auto-deleted after 30 days if not accepted |
| HTTP/server logs | 30 days |
| Banned account records | Indefinitely (to prevent ban evasion) |
When you delete your account, all your posts, comments, polls, listings, messages, and badges are permanently deleted. Some operational logs may persist for up to 30 days.
7. Your rights
You can, at any time:
- Access your data — your profile, posts, etc. are visible in the app
- Edit or delete content — long-press any of your posts/comments to delete
- Block other users — tap the 3-dot menu on any post → Block user. Manage your blocklist in Profile → Blocked users.
- Delete your account — Profile → Delete account. This is permanent and immediate. You can also delete from your browser at https://whispersyvn.com/delete-account without installing the app.
- Withdraw consent — uninstall the app
If you are in the EU/EEA/UK, you also have GDPR rights including data portability and the right to lodge a complaint with your data protection authority.
To exercise any right not directly available in the app, contact us — email turn.on.everywhere@gmail.com or Telegram @Whisperssupport. We respond within 30 days.
8. Children
The app is not intended for users under the age of 13 (16 in EU/EEA per GDPR-K). If you are below this age, please do not use the app. If we become aware that a child has created an account, we delete it.
9. Security
- Passwords are hashed with bcrypt (cost factor 12). We never see your password in plain text.
- All data in transit uses TLS 1.2+.
- Data at rest is encrypted by our database provider (MongoDB Atlas).
- Image uploads are validated for type and size before storage.
- Rate limits and a profanity filter help prevent abuse.
No system is 100% secure. If you suspect a security incident, contact turn.on.everywhere@gmail.com.
10. International transfers
Our servers are located in the European Union (Frankfurt, Germany — operated by DigitalOcean). Our database is hosted on MongoDB Atlas (EU region). Uploaded images are stored on Cloudflare R2. By using the app, you consent to your data being transferred to and stored on these servers.
11. Changes to this policy
We may update this policy as the app evolves. Material changes will be announced in the app and at https://whispersyvn.com/privacy. The "Last updated" date at the top reflects the latest revision.
12. Contact
Questions, complaints, or rights requests:
- 📧 turn.on.everywhere@gmail.com
- 💬 Telegram: @Whisperssupport